Cisco Blogs


Cisco Blog > Government

ICCC 2012: Raising Awareness of Common Criteria, Promoting Security for Emerging Technologies

In this age of emerging technologies and increasingly complex cyber threats, government and enterprise organizations of all types need to ensure that products they use meet key security criteria, are standards based, perform as expected and interoperate reliably with existing technology.

As these organizations adopt new emerging technologies in hopes of saving on infrastructure and maintenance costs, is this at the risk of security? Without the proper security mechanisms in place and validated, the results could be catastrophic.

Common Criteria is an international standard for evaluating IT product security and reliability, recognized by more than 26 countries around the world. Common Criteria is considered a mandatory requirement for purchasing network security products by many governments.

The 13th International Common Criteria Conference, this year being held in Paris from September 18-20, will bring together leaders from governments and organizations of all types from around the world.

The ICCC Conference offers certification/validation schemes, evaluation laboratories, product developers, system integrators and product users to exchange expertise, experiences and skills on the application of the Common Criteria and security for Information and Communication Technology [ICT] solutions, such as Cloud Computing.

Cisco will participate in speaking sessions at the conference focused on topics including Supply Chain Security, Architectural approaches to Technical Communities and Collaborative Protection Profiles, Cloud Security and Innovation.

Details on the speaking sessions presented by and in collaboration with Cisco are below:

Progress Report from the Supply Chain Security Technical Workgroup
Sept. 19 at 11:30 CET
Track 1 – Room B/Chagall + Van Dongen
Michael Grimm, senior program manager, Microsoft and Terrie Diaz, product certification engineer, Cisco

An Architectural Framework Approach in the Development of Technical Communities and Collaborative Protection Profiles
Sept. 19 at 11:30 CET
Track 2 – Room C/Soutine & Utrillo
Axel Munde, BSI
Dirk Jan Out, Brightsight
Jen Gilbert, lead, global certifications strategy and policy, Cisco

Cloud Security and Common Criteria
Sept. 19 at 14:30 CET
Track 3 – Room D/Picasso
Ashit Vora, manager, security assurance – FIPS/Common Criteria, Cisco

Innovation and the Common Criteria
Sept. 19 at 15:00 CET
Track 3 – Room D/Picasso
Audrey Plonk, Intel
Jen Gilbert, lead, global certifications strategy and policy, Cisco

Visit ICCC and Cisco Global Government Certifications for more information.

Tags: , , , , , ,

Cloud Myopia (Pitfall 3: I Can See the Data Center Clearly, but Users Look Blurry )

cloud infrastructure considerations vs. cloud data center considerationsSince my previous posts on cloud anomalies, Cisco did a worldwide survey of 1000+ IT professionals across 13 countries regarding their cloud deployments. The results reinforced challenges with performance and security and confirmed my inklings. However, one statistic was quite surprising. You would think data center is the lynchpin of cloud. However, when asked about the most critical infrastructure for cloud, 37% went for the network vs. 28% for virtualized data center. Well if cloud is all about data center consolidation, virtualization, and elasticity, then what’s the fuss about the network?  Read More »

Tags: , ,

Cisco ScanSafe: Now Cloudy in Canada

One of the most enjoyable parts of my job as a product manager is launching a new product. Typically this is a shiny new widget or a great piece of software. But for a cloud-based service like Cisco’s ScanSafe Web Security solution, the infrastructure is a big part of the product.

For those not familiar with the product, ScanSafe offers web security solutions to organizations ranging from global enterprises to small businesses. The service provides multiple layers of malware protection and acceptable use controls to block users from specific websites and categories. It does this by redirecting end-user web traffic directly to the cloud where every web request is analyzed using artificial intelligence-based “scanlets” to determine the associated security risk. With such heavy processing and computation, the nature of the cloud is as important as the service in the cloud.

That is why today, I am pleased to welcome Canada to ScanSafe’s cloud with the addition of two datacenters—the first in Vancouver and the second in Toronto. Canada has been an early adopter of SaaS-based technologies, and our newest datacenters will help us serve our customers in the region. In addition, companies with branch offices in these locations will now benefit from a local internet breakout.

Read More »

Tags: , ,

Duct Tape and Chewing Gum Isn’t Enough: Cloud and Virtual Environments Require Specialized Security

October 26, 2011 at 12:12 pm PST

By now, just about everybody who works in any area of IT knows that moving multiple workloads into one physical server optimizes server usage, minimizes procurement and operational costs, and increases overall efficiency of the network. As a result, virtualization technology remains one of the hottest topics in IT today, due to its overwhelming benefits to organizations of all sizes. Read More »

Tags: , , , , , ,

NCSAM Tip #10: Cloud Security for Everyone

October 14, 2011 at 7:15 am PST

Cloud services. You may or may not think about them, but they are no longer a talk of the future. Some of you probably listen to Rhapsody and Rdio, which are cloud-based streaming music services. Others perhaps use a cloud-based compression service Onavo to shrink your smartphone data and your monthly bill. Storage (Dropbox), email, social media, banking, location-based services (GPS), just to name some, all at your fingertips. For small and mid-size businesses, there’s a wide range of cloud services including productivity, finance, and accounting. For many companies and organizations, cloud adoption is on top of their priority list.

Before we continue to ride the cloud at lightning speed, shall we pause a moment to reflect on the risks? After all, there are many things that can threaten our data and services. To learn more about the current threat landscape, watch a rich and compelling on-demand webcast by Patrick Gray, principal security strategist at Cisco. Here are some specific concerns and action to take.

Read More »

Tags: , , , ,